Search criteria
3 vulnerabilities by resi
CVE-2022-29540 (GCVE-0-2022-29540)
Vulnerability from cvelistv5 – Published: 2022-05-31 20:34 – Updated: 2024-08-03 06:26
VLAI
Summary
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.gruppotim.it/it/footer/red-team.html | x_refsource_MISC |
| https://www.resi.it/prodotti-soluzioni-commercial… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T20:34:17.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gruppotim.it/it/footer/red-team.html",
"refsource": "MISC",
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"name": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring",
"refsource": "MISC",
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29540",
"datePublished": "2022-05-31T20:34:17.000Z",
"dateReserved": "2022-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:06.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29538 (GCVE-0-2022-29538)
Vulnerability from cvelistv5 – Published: 2022-05-12 14:15 – Updated: 2024-08-03 06:26
VLAI
Summary
RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.gruppotim.it/it/footer/red-team.html | x_refsource_MISC |
| https://www.resi.it/prodotti-soluzioni-commercial… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T14:15:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gruppotim.it/it/footer/red-team.html",
"refsource": "MISC",
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"name": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring",
"refsource": "MISC",
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29538",
"datePublished": "2022-05-12T14:15:45.000Z",
"dateReserved": "2022-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:05.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29539 (GCVE-0-2022-29539)
Vulnerability from cvelistv5 – Published: 2022-05-12 14:15 – Updated: 2024-08-03 06:26
VLAI
Summary
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.gruppotim.it/it/footer/red-team.html | x_refsource_MISC |
| https://www.resi.it/prodotti-soluzioni-commercial… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `\u0026|;\\r\\ commands) and inject arbitrary system commands with the privileges of the application user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T14:15:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `\u0026|;\\r\\ commands) and inject arbitrary system commands with the privileges of the application user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gruppotim.it/it/footer/red-team.html",
"refsource": "MISC",
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"name": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring",
"refsource": "MISC",
"url": "https://www.resi.it/prodotti-soluzioni-commerciali/gemini-network-service-monitoring"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29539",
"datePublished": "2022-05-12T14:15:42.000Z",
"dateReserved": "2022-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:06.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}